Question

I'm looking for help adding a custom identity provider to ACS. I'm currently working on an application hosted in Windows Azure. For authentication, we are trying to configure ACS to work with CA SiteMinder.

We have previously been told that ACS can natively support custom identity providers using SAML 2.0 tokens, but we are not sure how to properly add this connection in ACS. Simply trying to add it through the Management Portal does not give us this option and we are forced to use WS-Federation. Is there any way to do this without reconfiguring SiteMinder to use WS-Federation?

Certain threads suggest PowerShell cmdlets exist to add identity providers in ACS, but all such links appear to be several years old (and now dead).

One of the original blog announcements: http://www.cloudidentity.com/blog/2011/05/17/announcing-sample-acs-cmdlets-for-the-windows-azure-appfabric-access-control-service/

The current Windows Azure PowerShell commands do not appear to have options for interacting with ACS.


Solution

ACS doesn't support SAML (the protocol). It is confusing, because WS-Federation uses SAML Tokens too.

On a side note: if your app is only going to authenticate users in your CA SiteMinder, then there's not much value in having an intermediary (ACS). If you can turn on WS-Fed in SM, then just connect the app to it. WIF only supports WS-Fed, by the way, so you'll need WS-Fed regardless (or use some other library besides WIF).

An intermediary is valuable when you have multiple identity sources: your SM, someone else's, etc. and can act as a broker of authentication.

Depending on the protocols you need to support, ACS might or might not be a good candidate (do you need OAuth? SAML? WS-Fed? etc).
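
The protocol-versus-token distinction the answer draws can be checked on the sign-in POST itself. The following is an added example, not part of the original answer and not ACS, WIF or SiteMinder code; the function names, sample forms and IDs are constructed for illustration, and only the standard WS-Federation/SAML field names and XML namespaces are real.

```python
import base64
import xml.etree.ElementTree as ET

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
WSTRUST_NS = {"http://schemas.xmlsoap.org/ws/2005/02/trust",
              "http://docs.oasis-open.org/ws-sx/ws-trust/200512"}
TOKEN_NS = {"urn:oasis:names:tc:SAML:1.0:assertion": "SAML 1.1 token",
            "urn:oasis:names:tc:SAML:2.0:assertion": "SAML 2.0 token"}

def split_tag(tag):
    """Split ElementTree's '{namespace}local' tag into (namespace, local)."""
    ns, _, local = tag[1:].partition("}") if tag.startswith("{") else ("", "", tag)
    return ns, local

def classify_signin_post(form):
    """Return (protocol, token format) for a posted sign-in form.

    Classification only: no signature, audience or expiry validation.
    """
    if "wresult" in form:            # WS-Federation passive requestor profile
        root = ET.fromstring(form["wresult"])
        ns, local = split_tag(root.tag)
        if ns not in WSTRUST_NS or not local.startswith("RequestSecurityTokenResponse"):
            raise ValueError("wresult is not a WS-Trust token response")
        protocol = "WS-Federation"
    elif "SAMLResponse" in form:     # SAML 2.0 Web SSO, HTTP-POST binding
        root = ET.fromstring(base64.b64decode(form["SAMLResponse"]))
        if split_tag(root.tag) != (SAMLP_NS, "Response"):
            raise ValueError("SAMLResponse is not a samlp:Response")
        protocol = "SAML 2.0 protocol"
    else:
        raise ValueError("neither wresult nor SAMLResponse present")
    for el in root.iter():           # the token is nested inside the envelope
        ns, local = split_tag(el.tag)
        if local == "Assertion" and ns in TOKEN_NS:
            return protocol, TOKEN_NS[ns]
    return protocol, "no plain SAML assertion (encrypted or another token type)"

# Constructed samples: unsigned skeletons, not captured from any real IdP.
ASSERTION = ('<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
             'ID="_constructed" Version="2.0"/>')
WSFED_FORM = {"wa": "wsignin1.0", "wresult":
    '<t:RequestSecurityTokenResponse xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">'
    '<t:RequestedSecurityToken>' + ASSERTION + '</t:RequestedSecurityToken>'
    '</t:RequestSecurityTokenResponse>'}
SAMLP_FORM = {"SAMLResponse": base64.b64encode((
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_constructed" Version="2.0">' + ASSERTION + '</samlp:Response>').encode()).decode()}
```

Both sample forms carry the same SAML 2.0 assertion, yet only the second uses the SAML 2.0 protocol; the first is WS-Federation wrapping a SAML token in a WS-Trust response.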

Licensed under: CC-BY-SA with attribution